ASP.NET Security Roadmap

Updated: July 2008

This ASP.NET Security section includes topics that show you how to improve the security of a Web site or Web project. The topics in this section provide information and code examples that illustrate security methods for ASP.NET Web sites and Web projects. The topics include information about how to mitigate common security threats, how to protect resources in a Web application, and how to authenticate and authorize individual users.


There are many threats to consider and countermeasures to apply when you secure an ASP.NET application. We strongly recommend that you review and apply the guidance and checklists provided in the articles Improving Web Application Security: Threats and Countermeasures and Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the Microsoft Patterns and Practices Web site.

Getting started

Common security threats and their mitigation

Security architecture

Authentication (obtaining identification credentials)

Authorization (controlling access to resources)

ASP.NET impersonation

Encrypting connection strings and other configuration information

Guarding against scripting exploits

Securing data connections

Securing hosted Web sites

Locking down an ASP.NET Web site

Best Practices How-to topics

Performing a security review

Security videos

(All videos are on external Web sites.)




July 2008: Added topic (SP1 feature change).
